Aggregator
CVE-2025-20388 | Splunk Enterprise/Cloud Platform Network Port server-side request forgery (SVD-2025-1207 / Nessus ID 277106)
CVE-2025-13757 | Devolutions Server up to 2025.2.20/2025.3.8 Last Usage Logs sql injection (DEVO-2025-0018 / EUVD-2025-199829)
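Interview | From Tech Enthusiast to Double 11 Security Commander: A Post-2000 Rising White Hat's Breakout Journey
A Must-Read for Those Who Got Tickets: The Complete Guide to Innovation Conference 2026!
A Perfect-Score Vulnerability? react2shell? A Nuke? CVE-2025-55182
Valve Reveals Open-Source Project for Running x86 Applications on ARM CPUs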
$9 Million Stolen: Analysis of the Yearn yETH Pool Vulnerability
CISAW Electronic Data Forensics Certification Training Starting Soon!
SandboxAQ launches AI-SPM platform to expose shadow AI risks
SandboxAQ announced an AI-SPM offering that provides visibility into where AI is being used in organizations’ tech stacks and evaluates AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injection, data leakage, and unauthorized access. The offering is purpose-built to help organizations address the growing threat of “shadow AI” before it leads to material breaches. Recent SandboxAQ research reveals a widening blind spot in enterprise security: while 79% of organizations are …
The post SandboxAQ launches AI-SPM platform to expose shadow AI risks appeared first on Help Net Security.
New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
A new security assessment tool has been released to help researchers and administrators identify React Server Components (RSC) endpoints potentially exposed to CVE-2025-55182. Developed as a lightweight, non-intrusive Python script by a pentester with the alias Fatguru, the scanner offers a method for “Surface Detection” that avoids the pitfalls of aggressive proof-of-concept (PoC) exploits, which […]
The post New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182) appeared first on Cyber Security News.
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap
New data shows 90% of NEDs lack confidence in cybersecurity value. CISOs and CIOs must translate cyber risk into business impact.
The post CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap appeared first on Security Boulevard.
New Report Warns of 68% Of Actively Serving Phishing Kits Protected by CloudFlare
A new security report reveals a troubling reality about the state of online phishing operations. Recent research has uncovered over 42,000 validated URLs and domains actively serving phishing kits, command-and-control infrastructure, and malicious payload delivery systems. The scale and sophistication of these operations represent a significant departure from traditional phishing attempts. Rather than simple misspelled […]
The post New Report Warns of 68% Of Actively Serving Phishing Kits Protected by CloudFlare appeared first on Cyber Security News.
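Japan Rushes Construction of Mageshima Military Base Around the Clock: Strategic Hub Intent, Impact, and Our Response Strategy
Pakistan's Economic and Energy Predicament Seen Through the Nokkundi Bombing
One Request and the Server Is Yours. New CVE in React Server Puts 39% of Clouds at Risk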
CIS, Astrix, and Cequence partner on new AI security guidance
The Center for Internet Security, Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks of AI and agentic systems. This collaborative initiative builds on the CIS Critical Security Controls (CIS Controls), extending its principles into AI environments where autonomous decision‑making, tool and API access, and automated threats introduce new challenges. The intent of the partnership includes initially developing two CIS Controls companion guides: one for …
The post CIS, Astrix, and Cequence partner on new AI security guidance appeared first on Help Net Security.
Smart grids are trying to modernize and attackers are treating it like an invitation
In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack surface, and she explains why utilities must rethink threats, resilience, and trust. Kumar explains that next-generation architectures need to build in security from edge devices through to cloud systems to keep up with emerging risks. With increasing grid decentralization from …
The post Smart grids are trying to modernize and attackers are treating it like an invitation appeared first on Help Net Security.